What the Russia-Ukraine War Means for the Future of Cyber Conflict?


Time: 2022/9/13 02:00-04:00PM
Venue: IEAT International Conference Center Meeting 8F Room 2

Keynote Speaker:

14:05–14:45 Keynote #1. Internet Hacking Landscape in the Russia-Ukraine War by Representative from Microsoft

14:45–15:25 Keynote #2. The Weaponized Social Media in the Wartime

15:25–16:05 Keynote #3. The Future of the International Law after the Russia-Ukraine Cyber Conflict 


 Keynote #1. Internet Hacking Landscape in the Russia-Ukraine War by Ms. Chien-Min Yang from Microsoft CELA

Microsoft published an intelligence report, Defending Ukraine: Early Lessons from the Cyber War, this June. The report represents research conducted by Microsoft’s threat intelligence and data science teams with the goal of sharpening our understanding of the threat landscape in the ongoing war in Ukraine. Yang invited Fanta Orr and Judy Ng, both senior analysts in Microsoft and the main contributors to the report, to share Microsoft’s observations and findings through pre-recorded videos.  

Microsoft observed that cyberattacks have emerged before the Russian troops invaded Ukraine. The physical invasion has also been accompanied by cyberattacks ever since the war started. Orr and Ng shared several insights, including: government institutions were the most common target during the war; Russian government entities responsible for cyberattacks, including GRU; targeted phishing as one of the tactics. Most cyberattacks observed during the war were common tactics, which makes contribution difficult. Orr and Ng emphasized the importance of cyber hygiene for cyber defense.

Yang pointed out that nowadays, war happens on multiple fronts and in various forms. The report suggested that the government should collaborate with the industry in cyber defense and share intelligence. Microsoft helped the Ukrainian government migrate more than one hundred systems to the cloud to maintain the integrity of its services and data during the war. In the end, Yang emphasized the importance of collaboration among global multistakeholders.

 Keynote #2. The Weaponized Social Media in the Wartime by Chihhao Yu, IORG Co-director. Software engineer, information designer.

Yu defined ‘weaponize’ as information manipulation. Information manipulation includes manipulation of source, where sources were omitted or forged; manipulation of content, a.k.a. fake news; conspiracy theories that provoke emotional reactions are examples of manipulation of speculation. Yu used real examples in the Russian invasion to explain each kind of information manipulation while referencing similar scenarios in Taiwan, making it easy for the audience to understand the context.

Several themes are often found in the content manipulation: whitewash the invader, people desire peace, there is no war, demoralization, justify the invasion, and sow discords among supporters. Disinformation such as the war is self-orchestrated while framing Russia by Ukraine is an example of ‘there is no war.’ ‘Zelensky has fled’ is typical ‘demoralization,’ and ‘the Ukrainian government is poisoning its citizens’ is justifying the invasion. In the Taiwanese context, it would be something like ‘Taiwan is part of China.’

Yu proposed that we should use the Internet to make democracy more resilient, not otherwise. He also considered social media self-regulating content on their platforms as a positive first step. Stopping all kinds of information manipulation in the short term is impossible. However, Yu encouraged every citizen to help record the information. One of the simplest ways would be forward disinformation we receive via LINE to Cofacts. Cofacts is a chatbot supported by a fact-checking community composed of volunteers. The community discloses every piece of information they receive to allow further research and analytic works by other parties. The results are helpful not only for future strategy but also accountability. He also urged the public to support relevant research and all stakeholders, including governments, academics, and enterprises, to work together in their own capacity, minimizing the impact of social media weaponization.  

Keynote #3. The Future of the International Law after the Russia-Ukraine Cyber Conflict by Alice Yang, Ph.D Assistant Research Fellow, Institute for National Defense and Security Research

Dr. Yang analyzed the Russian invasion from international law and military perspectives, including the application of international law in cyber conflicts, non-state actors (tech companies), and the development of international law. In principle, international law prohibits any state from using force against the territorial integrity or political independence of any other state. While the interpretation of ‘use of force’ is often debatable, Russia’s invasion of Ukraine was recognized by most countries as breaking international law. On the other hand, applying international law in cyber conflicts is also controversial in the sense that most countries can only agree on the applicability but not how it applies. There are no clear metrics in terms of the harms, scale, and impact to define an armed conflict. Meanwhile, while hours long electricity outrage caused by cyberattacks might not qualify as an armed conflict, it could be argued that the harm inflicted was great enough to break international law.

Dr. Yang also noted that cyberattack was not the main form of arm in the Russian invasion in spite of public speculation. Traditional arm force was still the mainstream, and it was suspected that this could be the result of Ukraine’s familiarity with cyberattacks ever since the Crimean crisis in 2014. It has also been proven that cyberattacks are the most impactful in hybrid warfare. It is also worth noting that disinformation is rarely taken into account in the context of cyber warfare.

Dr. Yang illustrated different levels and aspects of tactics in cyberattacks. For example, overloading the enemy’s network, deliberately feeding false intel to the opposite side, and forcing the enemy to change their strategy. In terms of the Russian invasion, it was clear that Russia was not as organized as Ukraine, with the latter receiving help from the United States. Tech companies have played a significant role in the war with their continuing support of internet connection, data, and map services and encouraging users to collect evidence of war on the social media platform.

The non-state actors have contributed in ways most governments could not. Dr. Yang noted that the motive of private sector could vary from state governments. Although private sector is not in the scope of international law, actions of both state and private sector can influence the development of international law. It would be interesting to watch how the two different actors strategize and prioritize in the future.


Q1:Some people claim that cyber warfare will become more complex and destructive and that the Internet and social media will be further weaponized. What do the panelists think?

A1:Yu: The public discourse and democratic development will always be subject to manipulation, platforms, and the public. The current information environment is already highly complex, and we as the participants in this environment are able to improve it. More and more corporations and organizations are starting to pay attention and effort to these issues, and Yo believes we will develop better strategies in the future. He also noted that the problematic information environment is not the same as cyberattacks. 

Q2:Could Yang from Microsoft share the most common malware/cyberattacks in the Russian invasion?

A2:Yang: according to Microsoft’s report, the “wiper”malware designed to “wipe” computer hard disks and destroy all their data was the most commonly observed. Ransomware was also common. Spear phishing is phishing aiming at specific targets. Although traditional, it remains popular for its effectiveness. 

Q3:Authoritarian regimes can easily invade democracies. On the other hand, democracies can not invade or fight back for their democratic principle. This is obviously unfair. Does democracy need to evolve? If so, how?

A3:Dr. Yang: international law prohibits any state from using force against the territorial integrity or political independence of any other state. However, Russia has insisted on framing its action as a special military operation, never as ‘invasion’ or ‘war.’ As a lawyer herself, Dr. Yang considers protecting fairness in society despite the unfair environment her duty. Disinformation and political propaganda are not new; they are only worse due to social media. We will need to keep learning to improve our media literacy and defend ourselves.



14:00–14:05     活動介紹

14:05–15:45     專題演講一「俄烏戰爭下的網路駭侵樣貌與經驗學習 」
                            楊千旻 法務協理 (台灣微軟公司)
                            Fanta Orr, Senior Analyst, Customer Security and Trust, Microsoft Corporation
                            Judy Ng, Senior Analyst, Customer Security and Trust, Microsoft Corporation

14:45-15:25     專題演講二「俄烏衝突中被武器化的社群媒體 」
                           游知澔 共同主持人 (IORG 台灣資訊環境研究中心)

15:25-16:05     專題演講三「 俄烏網路衝突下的國際法發展可能 」
                           楊長蓉 博士(國防安全研究院國防戰略與資源研究所)




「俄烏戰爭下的網路駭侵樣貌與經驗學習」楊千旻 法務協理(台灣微軟公司) 

Fanta Orr, Senior Analyst, Customer Security and Trust, Microsoft Corporation

Judy Ng, Senior Analyst, Customer Security and Trust, Micosoft Corporation

微軟公司在今年6月22日發布了《Defending Ukraine: Early Lessons from the Cyber War》報告,在本場次演講當中,楊千旻法務協理也特別邀請到這份報告的主要撰寫者:Fanta Orr及Judy Ng兩位資深網路威脅分析師,透過預錄影片的方式,與聽眾分享微軟針對俄羅斯對烏克蘭實施網路攻擊的觀察與發現。

根據微軟的觀察,在兩國戰爭尚未開始的前幾個月,多項訴諸外交手段要求俄羅斯自邊境撤軍的嘗試失敗後,就已經開始出現網路攻擊活動,後續網攻也搭配著實體攻擊持續進行。兩位專家也分析了烏克蘭境內遭受攻擊的對象類型,其中又以政府機關最常受到攻擊;可能涉及支持駭侵活動的俄羅斯官方機構例如GRU等;攻擊的手法則是包括魚叉式網路釣魚(spear phishing)等。由於這些手法都相當常見,因此在歸因上也相對困難,專家亦特別強調網路衛生(cyber hygiene)對於網路防禦的重要性。



  1. Microsoft, Defending Ukraine: Early Lessons from the Cyber War:https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/
  2. Microsoft, The hybrid war in Ukraine:https://blogs.microsoft.com/on-the-issues/2022/04/27/hybrid-war-ukraine-russia-cyberattacks/
  3. Microsoft, Cyber threat activity in Ukraine: analysis and resources:https://msrc-blog.microsoft.com/tag/ukraine/
  4. Microsoft, Digital technology and the war in Ukraine:https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
  5. Microsoft, Using cybersecurity to help manage volatility in the global threat landscape:https://www.microsoft.com/en-us/security/business/security-insider/threat-guidance/using-cybersecurity-to-help-manage-volatility-in-the-global-threat-landscape/
  6. Microsoft, 趨勢名人堂網路戰爭無國界,以俄烏網路戰為鏡提升全民資安防護意識:https://news.microsoft.com/zh-tw/features/cyber-warfare/
  7. Microsoft, Shields Up Technical Guidance:https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war
  8. CISA, Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure: https://www.cisa.gov/uscert/ncas/alerts/aa22-110a
  9. NCSC, UK government assess Russian involvement in DDoS attacks on Ukraine:https://www.ncsc.gov.uk/news/russia-ddos-involvement-in-ukraine
  10. Canada.ca, Joint cyber security advisory on Russian state-sponsored and criminal cyber threats to critical infrastructure:https://www.cyber.gc.ca/en/news-events/joint-cyber-security-advisory-russian-state-sponsored-and-criminal-cyber-threats-critical
  11. 數位時代, 網路戰爭無國界,以俄烏網路戰為鏡提升全民資安防護意識:https://www.bnext.com.tw/article/71389/hacker%EF%BC%8Dinformation-security-mstic

「俄烏衝突中被武器化的社群媒體」游知澔 共同主持人 (IORG 台灣資訊環境研究中心)簡報下載





「俄烏網路衝突下的國際法發展可能」楊長蓉 博士(國防安全研究院國防戰略與資源研究所)簡報下載






1.    有人認為未來網路戰會更為複雜與具破壞性,而網際網路與社群媒體也將被武器化,請問專家的看法?


2.    請問微軟的楊協理,在俄烏戰爭中哪些惡意軟體攻擊方式最常見?

楊千旻法務協理:在微軟這次的報告中,觀察到最多的是Wiper惡意刪除軟體攻擊,大約占60%,其他則包括偷竊或是勒索病毒。如同前面演講中所提到的,spear phishing可針對特定對象進行網路釣魚,雖然攻擊手法相當傳統,但目前看來仍是最容易達到效果的植入病毒方式。

3.    極權可以隨意侵略民主環境,但民主卻由於原則的關係,無法禁止侵略或是反擊。這明顯屬於不公平狀態,請問民主是否需要進化?如何進化?

楊長蓉博士:國際法明確禁止侵略行為,然而俄羅斯從未主張其攻擊鳥克蘭的行為屬於侵略,甚至從未宣戰,而是採取「特殊軍事行動」(special military operation),身為法律人可以做的,就是在這個不公平的環境下儘量去維持社會的公平。假訊息及政治宣傳的問題長期以來一直都存在,只是透過社群媒體更加助長,因此我們也要持續學習進化,提升自己的資訊判讀能力。